Nico
93f912d548
moves all secrets into one centralised location in /media/secrets and uses systemd-tmpfiles to set the appropriate permissions for them
58 lines
1.5 KiB
Nix
58 lines
1.5 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
|
|
services.miniflux = {
|
|
enable = true;
|
|
createDatabaseLocally = true;
|
|
|
|
# Really, really janky, but include
|
|
# OAUTH2_CLIENT_ID = "<client ID>";
|
|
# OAUTH2_CLIENT_SECRET = "<client secret>";
|
|
# https://pocket-id.org/docs/client-examples/miniflux/
|
|
adminCredentialsFile = /media/secrets/miniflux;
|
|
|
|
config = {
|
|
LISTEN_ADDR = "0.0.0.0:8021";
|
|
BASE_URL = "http://rss.${config.homelab.domain}";
|
|
CLEANUP_FREQUENCY = 48;
|
|
|
|
CREATE_ADMIN = 0;
|
|
|
|
CLEANUP_ARCHIVE_BATCH_SIZE = 100000;
|
|
CLEANUP_ARCHIVE_READ_DAYS = -1;
|
|
CLEANUP_ARCHIVE_UNREAD_DAYS = 180;
|
|
CLEANUP_FREQUENCY_HOURS = 24;
|
|
CLEANUP_REMOVE_SESSION_DAYS = 7;
|
|
|
|
DISABLE_HSTS = 1;
|
|
HTTPS = 0;
|
|
DISABLE_HTTP_SERVICE = 0;
|
|
|
|
FETCH_YOUTUBE_WATCH_TIME = 1;
|
|
FILTER_ENTRY_MAX_AGE_DAYS = 1825; # 5 years
|
|
|
|
FORCE_REFRESH_INTERVAL = 30;
|
|
POLLING_FREQUENCY = 180;
|
|
|
|
OAUTH2_PROVIDER = "oidc";
|
|
OAUTH2_REDIRECT_URL = "https://rss.${config.homelab.domain}/oauth2/oidc/callback";
|
|
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://${config.homelab.authDomain}/oauth2/openid/miniflux";
|
|
OAUTH2_OIDC_PROVIDER_NAME = "kanidm";
|
|
OAUTH2_USER_CREATION = 1;
|
|
DISABLE_LOCAL_AUTH = 1;
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"f /media/secrets/miniflux 0400 root root"
|
|
];
|
|
|
|
services.caddy.virtualHosts."rss.${config.homelab.domain}" = {
|
|
useACMEHost = config.homelab.domain;
|
|
extraConfig = ''
|
|
reverse_proxy http://localhost:8021
|
|
import block_non_private_ips
|
|
'';
|
|
};
|
|
}
|